Human Factor Security expert Robin Lennon Bylenga advised that in building an internal threat management program, it is imperative to not send mixed messages to the broader workforce. It's wise to conduct an assessment of human risk - not just IT risk, she said.
Synthetic ID fraud has moved beyond business-to-consumers to business-to-business fraud as more bad actors are opening fraudulent commercial accounts at financial institutions, said Dori Buckethal, vice president of risk and fraud solutions at Thomson Reuters.
Security is about more than technology, said Paul Watts, a distinguished analyst at the Information Security Forum. It's also about people and process, he said, with the ultimate goal of adding value to what the business is trying to do. Watts discussed how security leaders can achieve this goal.
Organizations struggle with governing the data that goes into and informs large language models since it's in documents rather than spreadsheets or SQL databases, said BigID CEO Dimitri Sirota. Companies need a more effective governance framework for managing unstructured data, Sirota said.
Companies are increasingly concerned about the security of applications built on open source components, especially when they’re involved in mergers and acquisitions. Just like copyright for works of art, each piece of open source software has a license that states legally binding conditions for its use. Licenses...
The ongoing rise in open source vulnerabilities and software supply chain attacks poses a growing threat to businesses, which heavily rely on applications for success. Between 70 and 90 percent of organizations’ code base is open source, while vulnerabilities such as Log4j have significantly exposed organizations...
Fears that cyber insurance coverage drives companies into paying ransomware demands more easily than not appear unfounded, concludes a British think tank study that also suggests insurers should do more to enact corporate discipline. Cyber insurance has been dogged by accusations of moral hazard.
A malware downloader is spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian companies, said researchers. Proofpoint callsthe downloader WikiLoader; it ultimately leads to the Ursnif banking Trojan.
The shifting of information to data warehouses such as Snowflake and Databricks has created oversight challenges around access and ownership, said Immuta CEO Matthew Carroll. Customers should be able to scan and analyze where their cloud data lives and identify and fix flaws or abnormalities.
Today's CISO must have close communication with the C-suite, understand the business needs of the organization as well as its objectives and risks, and to be able to articulately translate those business objectives into technology, said Dion Alexopoulos, head of security at Camelot.
Ukraine blocked an illicit money laundering network operating across the country that made use of sanctioned Russian payment systems and cryptocurrency exchanges to convert Russian rubles into Ukrainian hryvnia. The "black money exchanges" network processed more than $4 million monthly.
We have moved from cybersecurity strategy to cyber resilience strategy, said Fene Osakwe, a board member of the Forbes Technology Council. As a result, he said, we still start with identifying assets, but we keep going until we achieve recovery.
The rapid pace of API development has created major risk for companies given the amount of data that's being exposed, said Salt Security CEO Roey Eliyahu. The security industry hasn't adapted quickly to address these problems since it's still used to relatively static APIs that were easy to guard.
A Russian intelligence hacking campaign actively targeted European diplomats and think tanks as part of an espionage operation that lasted nearly six months. One characteristic of APT29 is how it blends in malicious traffic with legitimate traffic in order to evade detection.
ISMG's Healthcare Security Summit 2023, held in New York City on July 18, brought together leaders from the cybersecurity and healthcare industries to engage in a dynamic exchange of ideas and address pressing challenges faced by the healthcare community.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.